Total: 36905 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-7351 | 1 Shaarli Project | 1 Shaarli | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks. | ||||
CVE-2013-7071 | 1 Fibranet | 1 Monitorix | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
CVE-2013-7062 | 1 Plone | 1 Plone | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. | ||||
CVE-2013-7054 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 6.1 Medium |
D-Link DIR-100 4.03B07: cli.cgi XSS | ||||
CVE-2013-6880 | 1 Elvedia | 1 Flashcanvas | 2024-11-21 | 6.1 Medium |
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header. | ||||
CVE-2013-6878 | 1 Miwisoft | 1 Mijosearch | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch component 2.0.4 and earlier for Joomla! allows remote attackers to inject arbitrary web script or HTML via the query parameter to component/mijosearch/search. | ||||
CVE-2013-6495 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform, Jboss Portal | 2024-11-21 | 6.1 Medium |
JBossWeb Bayeux has reflected XSS | ||||
CVE-2013-6451 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. | ||||
CVE-2013-6430 | 2 Pivotal Software, Redhat | 3 Spring Framework, Jboss Amq, Jboss Fuse | 2024-11-21 | 5.4 Medium |
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. | ||||
CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 8.8 High |
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | ||||
CVE-2013-6242 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions. | ||||
CVE-2013-6239 | 1 Exis-ti | 1 Exis Contexis | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in the photo gallery model in Exis Contexis before 2.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter in a detail action. | ||||
CVE-2013-6022 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 6.1 Medium |
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id parameter to ZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. | ||||
CVE-2013-5988 | 1 Semperplugins | 1 All In One Seo Pack | 2024-11-21 | 6.1 Medium |
A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter. | ||||
CVE-2013-5978 | 1 Cart66 | 1 Cart66 Lite Plugin | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977. | ||||
CVE-2013-5658 | 1 Aultware | 1 Pwstore | 2024-11-21 | 6.1 Medium |
AultWare pwStore 2010.8.30.0 has XSS | ||||
CVE-2013-5638 | 1 Transcend-info | 2 Wifisd, Wifisd Firmware | 2024-11-21 | 5.4 Medium |
Transcend WiFiSD 1.8 has persistent XSS | ||||
CVE-2013-5637 | 1 Pqigroup | 2 Air Card, Air Card Firmware | 2024-11-21 | 5.4 Medium |
PQI AirCard has persistent XSS | ||||
CVE-2013-5212 | 1 Easyxdm | 1 Easyxdm | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or HTML via the easyxdm.swf file. | ||||
CVE-2013-4968 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 6.1 Medium |
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." |